Summary: Synology has issued urgent security updates to address critical zero-day vulnerabilities in its camera products, which were exploited during the Pwn2Own hacking competition. These vulnerabilities could allow remote attackers to gain complete control over affected devices, posing significant risks to users.
Threat Actor: Viettel Cyber Security and Zien
Victim: Synology Camera Users
Key Points:
- Multiple critical vulnerabilities were found in Synology camera models BC500, CC400W, and TC500.
- Exploitation of these vulnerabilities could allow attackers to execute arbitrary code and gain control over the cameras.
- Synology has released firmware updates to mitigate these vulnerabilities, urging users to upgrade immediately.
- The Pwn2Own competition provides a 90-day window for vendors to release patches before detailed vulnerability information is disclosed.
Synology, a leading provider of network-attached storage (NAS) solutions, has released urgent security updates to address multiple critical zero-day vulnerabilities discovered in its camera products. These flaws, which affect the BC500, CC400W, and TC500 camera models, were successfully exploited during the recent Pwn2Own hacking competition.
Security researchers from Viettel Cyber Security and Zien uncovered the vulnerabilities, which could allow remote attackers to execute arbitrary code or commands on affected devices. This could grant malicious actors complete control over the cameras, potentially enabling them to steal sensitive data, disrupt operations, or even use the devices as a springboard for further attacks.
According to Synology’s security advisory, “Multiple vulnerabilities allow remote attackers to execute arbitrary code or execute arbitrary commands on a susceptible version of Synology Camera BC500 Firmware, Synology Camera CC400W Firmware, and Synology Camera TC500 Firmware.”
Synology acted swiftly to mitigate these threats, releasing updated firmware versions for all three affected camera models. Users are strongly urged to upgrade to the following versions or above immediately:
- BC500: 1.2.0-0525
- CC400W: 1.2.0-0525
- TC500: 1.2.0-0525
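An added example, not from Synology or the original article: a small inventory check that flags cameras still running firmware below the fixed versions listed above. It assumes devices report firmware in the same `major.minor.patch-build` form shown here and that build numbers compare numerically; the hostnames and sample versions are constructed.

```python
import re

# Minimum fixed firmware per affected model, taken from the list above.
FIXED = {"BC500": "1.2.0-0525", "CC400W": "1.2.0-0525", "TC500": "1.2.0-0525"}

# Assumed format: major.minor.patch-build (as the versions appear on this page).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)-(\d+)$")


def parse_version(text):
    """Return (major, minor, patch, build) as ints, or None if the format is unexpected."""
    m = _VERSION_RE.match(text.strip())
    return tuple(int(part) for part in m.groups()) if m else None


def classify(model, version):
    """Return 'patched', 'vulnerable', 'unknown-version' or 'model-not-listed'."""
    fixed = FIXED.get(model.strip().upper())
    if fixed is None:
        return "model-not-listed"      # not one of the three models named here
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"       # fail closed: needs a manual check
    return "patched" if parsed >= parse_version(fixed) else "vulnerable"


def audit(inventory):
    """Map each (host, model, version) row to its classification."""
    return {host: classify(model, version) for host, model, version in inventory}


# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE = [
    ("cam-lobby", "BC500", "1.1.3-0442"),
    ("cam-dock", "TC500", "1.2.0-0525"),
    ("cam-office", "cc400w", "1.2.1-0530"),
    ("cam-yard", "BC500", "unknown"),
    ("cam-old", "XY100", "3.0.0-0001"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:12} {status}")
```

Rows reported as `vulnerable` or `unknown-version` are the ones to upgrade or inspect by hand first.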
While Synology has responded quickly, vendors involved in Pwn2Own competitions typically have a 90-day window to release patches before Trend Micro’s Zero Day Initiative discloses detailed information about the vulnerabilities. This grace period gives vendors time to ship critical fixes before the vulnerabilities are publicly detailed.
Source: https://securityonline.info/synology-issues-patches-for-critical-camera-flaws-discovered-at-pwn2own